author | Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> | 2019-11-11 19:20:22 +0300 |
---|---|---|
committer | Andrei Vagin <avagin@gmail.com> | 2020-02-04 23:39:43 +0300 |
commit | acb42456dc707a303b308fef67b2be92c81ab427 (patch) | |
tree | 87a033b0c074dafcc762763176d2c6bc41f48c07 | |
parent | e1c4871759d6edb4d7c2d3129981060b873ec912 (diff) |
zdtm: nft tables preservation test
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Signed-off-by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
[Added test_author to zdtm test]
Signed-off-by: Dmitry Safonov <dima@arista.com>
-rw-r--r-- | scripts/build/Dockerfile.alpine | 1 | ||||
-rw-r--r-- | test/zdtm/static/Makefile | 1 | ||||
-rw-r--r-- | test/zdtm/static/netns-nft.c | 64 | ||||
-rwxr-xr-x | test/zdtm/static/netns-nft.checkskip | 3 | ||||
-rw-r--r-- | test/zdtm/static/netns-nft.desc | 5 |
5 files changed, 74 insertions, 0 deletions
diff --git a/scripts/build/Dockerfile.alpine b/scripts/build/Dockerfile.alpine
index 29a754058..601a8693a 100644
--- a/scripts/build/Dockerfile.alpine
+++ b/scripts/build/Dockerfile.alpine
@@ -31,6 +31,7 @@ RUN apk add \
 py-pip \
 ip6tables \
 iptables \
+ nftables \
 iproute2 \
 tar \
 bash \
diff --git a/test/zdtm/static/Makefile b/test/zdtm/static/Makefile
index ea5d3c42e..19d93e315 100644
--- a/test/zdtm/static/Makefile
+++ b/test/zdtm/static/Makefile
@@ -288,6 +288,7 @@ TST_FILE = \
 file_locks07 \
 file_locks08 \
 netns-nf \
+ netns-nft \
 maps_file_prot \
 socket_close_data01 \
diff --git a/test/zdtm/static/netns-nft.c b/test/zdtm/static/netns-nft.c
new file mode 100644
index 000000000..f4991afda
--- /dev/null
+++ b/test/zdtm/static/netns-nft.c
@@ -0,0 +1,64 @@
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc = "Check that nft rules (some) are kept";
+const char *test_author = "Alexander Mikhalitsyn <alexander@mihalicyn.com>";
+
+char *filename;
+TEST_OPTION(filename, string, "file name", 1);
+
+int main(int argc, char **argv)
+{
+ char cmd[128];
+
+ test_init(argc, argv);
+
+ /* create nft table */
+ if (system("nft add table inet netns-nft-zdtm-test")) {
+ pr_perror("Can't create nft table");
+ return -1;
+ }
+
+ /* create input chain in table */
+ if (system("nft add chain inet netns-nft-zdtm-test input { type filter hook input priority 0 \\; }")) {
+ pr_perror("Can't create input chain in nft table");
+ return -1;
+ }
+
+ /* block ICMPv4 traffic */
+ if (system("nft add rule inet netns-nft-zdtm-test input meta nfproto ipv4 icmp type { echo-request } reject")) {
+ pr_perror("Can't set input rule");
+ return -1;
+ }
+
+ /* save resulting nft table */
+ sprintf(cmd, "nft list table inet netns-nft-zdtm-test > pre-%s", filename);
+ if (system(cmd)) {
+ pr_perror("Can't get nft table");
+ return -1;
+ }
+
+ test_daemon();
+ test_waitsig();
+
+ /* get nft table */
+ sprintf(cmd, "nft list table inet netns-nft-zdtm-test > post-%s", filename);
+ if (system(cmd)) {
+ fail("Can't get nft table");
+ return -1;
+ }
+
+ /* compare nft table before/after c/r */
+ sprintf(cmd, "diff pre-%s post-%s", filename, filename);
+ if (system(cmd)) {
+ fail("nft table differ");
+ return -1;
+ }
+
+ pass();
+ return 0;
+}
diff --git a/test/zdtm/static/netns-nft.checkskip b/test/zdtm/static/netns-nft.checkskip
new file mode 100755
index 000000000..270cafeb5
--- /dev/null
+++ b/test/zdtm/static/netns-nft.checkskip
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+test -f /usr/sbin/nft || exit 1
diff --git a/test/zdtm/static/netns-nft.desc b/test/zdtm/static/netns-nft.desc
new file mode 100644
index 000000000..f53890a24
--- /dev/null
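Review bot: The three `sprintf(cmd, ...)` calls in main() of netns-nft.c write into `char cmd[128]` with no bound, and the last one expands `filename` twice, so a `filename` option value longer than 56 bytes overruns the stack buffer in a test that netns-nft.desc runs with the `suid` flag. Use `snprintf(cmd, sizeof(cmd), ...)` at all three sites and fail on truncation, e.g. `if (snprintf(cmd, sizeof(cmd), "diff pre-%s post-%s", filename, filename) >= (int)sizeof(cmd)) { fail("filename too long"); return -1; }`. `filename` is also pasted unquoted into the command line handed to `system()`, so a value containing spaces or shell metacharacters changes what the shell executes; single-quoting the argument, or writing the listing through popen()/fopen() instead of a `>` redirect, would remove that dependency on the caller. The `pr_perror()` calls after a failed `system()` also print an errno that a nonzero exit status does not set, which can mislead whoever reads the test log.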
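Review bot: `test -f /usr/sbin/nft` in netns-nft.checkskip only shows that a file exists at that path; it does not show that the file is executable, and netns-nft.c invokes bare `nft` through `system()`, so the binary checked here is not necessarily the one the shell resolves from PATH when the test runs. `test -x /usr/sbin/nft || exit 1`, together with the absolute path in the test's command strings, would keep the skip check, the `deps` entry in netns-nft.desc and the executed binary in agreement. The check also says nothing about kernel nf_tables support, so on a host that has the tool but not the kernel side the test would presumably fail rather than skip.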
+++ b/test/zdtm/static/netns-nft.desc
@@ -0,0 +1,5 @@
+{ 'deps': [ '/bin/sh',
+ '/usr/sbin/nft',
+ '/usr/bin/diff'],
+ 'flags': 'suid',
+ 'flavor': 'ns uns'} |